CSRF Vulnerability in DClassifieds 0.1 Final Allows Remote Account Hijacking

CVE-2012-0990 · LOW Severity

AV:N/AC:M/Au:S/C:N/I:P/A:N

Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify account settings such as the administrator password or email via certain Settings[] parameters.
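To check whether the endpoint described above has received forged requests, the following added example (not part of the advisory or of DClassifieds) scans web-server access logs for POSTs to admin/settings/update whose Referer is absent or points at another host. It assumes the Apache/nginx "combined" log format, that the settings form is submitted with POST, and a placeholder site hostname `classifieds.example`; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "classifieds.example"   # assumption: the site's own hostname
TARGET = "admin/settings/update"    # endpoint named in the advisory

# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def classify(line, site_host=SITE_HOST):
    """Return (verdict, fields) for POSTs to the settings endpoint, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or TARGET not in m["target"]:
        return None
    referer = m["referer"]
    try:
        host = urlsplit(referer).hostname
    except ValueError:              # malformed Referer: treat as foreign
        host = None
    if referer in ("", "-"):
        verdict = "no-referer"      # stripped or absent: review manually
    elif host == site_host.lower():
        verdict = "same-site"       # exact host match, not a prefix match
    else:
        verdict = "cross-site"      # form was submitted from another origin
    return verdict, m.groupdict()

def suspicious_requests(lines, site_host=SITE_HOST):
    """List (verdict, ip, timestamp, referer) for every non-same-site POST."""
    hits = []
    for line in lines:
        result = classify(line, site_host)
        if result and result[0] != "same-site":
            hits.append((result[0], result[1]["ip"], result[1]["ts"], result[1]["referer"]))
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2012:10:01:02 +0000] "POST /admin/settings/update HTTP/1.1" 302 - "http://classifieds.example/admin/settings/update" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2012:10:05:40 +0000] "POST /admin/settings/update HTTP/1.1" 302 - "http://forum.example.net/thread/42" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2012:10:06:00 +0000] "GET /admin/settings/update HTTP/1.1" 200 5120 "http://classifieds.example/admin" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Feb/2012:11:00:00 +0000] "POST /admin/settings/update HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Feb/2012:11:30:00 +0000] "POST /admin/settings/update HTTP/1.1" 302 - "http://classifieds.example.other.test/x" "Mozilla/5.0"',
]
```

A same-site Referer does not prove a request was legitimate, and a missing one does not prove forgery; treat the hits as leads to correlate with unexpected changes to the administrator password or email.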